/**
* return a user's latest grades as a rss feed
*
* gets $user's $number latest grades (from $class; 'all' for all their classes),
* using get_latest_grades(), and makes a rss feed out of them
*/
function rss_latest_grades($user, $number, $class)
{
$real_name = "SELECT `firstname`,`surname` FROM `users` WHERE `ID`='{$user}' LIMIT 1";
$realname = query($real_name) or die("Error getting information from the database.");
while ($row = result($realname)) {
$real_name = stripslashes($row->firstname) . " " . stripslashes($row->surname);
}
$latest_date = "SELECT MAX(`date_assigned`) FROM `grades` WHERE `student_ID`='{$user}' LIMIT 1";
$latest_date = @query($latest_date) or die("Error getting information from the database.");
$latest_date = command_result($latest_date, 0);
rss_header("{$real_name}'s grades", "your latest grades", "http://" . server_root . "classes.php", $latest_date);
$grades = get_latest_grades($user, $number, $class, current_semester);
// break the grades string down into individual grades
$grades = explode("--", $grades);
foreach ($grades as $grade) {
// to get rid of the empty grade
if ($grade != "") {
// break the grade string down into its individual pieces
list($class_id, $assign_id, $assign_name, $assign_date, $points_possible, $points_scored, $grading_period) = split("::", $grade);
// get the class's name and print the grade
$class_name = @query("SELECT `name` FROM `classes` WHERE `ID`='{$class_id}' LIMIT 1") or die("Error getting class name.");
$result = result($class_name);
$class_name = $result->name;
// time to rss-ify 'em
rss_item($class_name . "-- " . $assign_name, "{$points_scored}/{$points_possible}", server_root . "/assignment.php?class={$class_id}%26id={$assign_id}", $assign_date);
}
}
rss_footer();
}
disconnect_sql();
} else {
connect_sql();
// see if $class is a class
$is_class = @query("SELECT 1 FROM `classes` WHERE `ID`='{$class}' LIMIT 1") or die("Error checking the database.");
if (num_rows($is_class) == 0) {
die("Invalid class.");
}
$class_info = @query("SELECT * FROM `classes` WHERE `ID`='{$class}' LIMIT 1") or die("Error getting information from the database.");
while ($row = result($class_info)) {
$period = $row->period;
$class_name = stripslashes($row->name);
}
$class_name = "Period {$period} {$class_name}";
$last_post = @query("SELECT MAX(timestamp) FROM `news` WHERE `class`='{$class}'") or die("Error getting information from the database.");
$last_post = command_result($last_post, 0);
$posts = @query("SELECT * FROM `news` WHERE `class`='{$class}' LIMIT 5") or die("Error getting the posts from the database.");
header("Content-type: text/xml");
rss_header($class_name . " news", "news for " . $class_name, server_root . "news.php", $last_post);
while ($row = result($posts)) {
$id = $row->ID;
$timestamp = $row->timestamp;
$subject = stripslashes($row->subject);
$body = stripslashes($row->body);
rss_item($subject, $body, server_root . "news.php?archive%26id={$id}", $timestamp);
}
rss_footer();
disconnect_sql();
}
die;
} elseif (isset($_GET['archive'])) {
}
// see if the category is valid
$valid_category = @query("SELECT 1 FROM `categories` WHERE `ID`='{$category}' LIMIT 1") or die("Error checking the database.");
if (num_rows($valid_category) == 0) {
cust_die("Invalid category.");
}
$students = get_students($class_id);
$students = explode(",", $students);
foreach ($students as $student) {
if (!isset($_POST[$student . "_scored"]) or $_POST[$student . "_scored"] == "") {
cust_die("You must fill in a grade for all students. If a student doesn't have that grade, fill the box in with an x.");
}
}
// get the assignment's number
$assign_number = @query("SELECT MAX(`assign_number`) FROM `grades` WHERE `class_id`='{$class_id}'") or die("Error getting information from the database.");
$result = command_result($assign_number, 0);
$assign_number = $result;
$assign_number++;
$grading_period = current_semester;
foreach ($students as $student) {
$points_scored = escape_string($_POST[$student . "_scored"]);
$query = "INSERT INTO `grades` (`class_id`, `assign_number`, `assign_name`, `assign_desc`, `date_assigned`, `grading_period`, `student_ID`, `points_possible`, `points_scored`";
if (isset($_POST[$student . "_comment"])) {
if (strlen($_POST[$student . "_comment"]) <= 255) {
$comment = escape_string(htmlspecialchars($_POST[$student . "_comment"]));
$query .= ", `comment`";
}
}
$query .= ", `category`) VALUES ('{$class_id}', '{$assign_number}', '{$assign_name}', '{$description}', '{$timestamp}', '{$grading_period}', '{$student}', '{$points_possible}', '{$points_scored}'";
if (isset($comment)) {
$query .= ", '{$comment}'";
$password = strrev($password);
$password = substr($password, 0, 7);
} elseif (isset($_POST['pass1']) and $_POST['pass1'] != "") {
if (!isset($_POST['pass2']) or $_POST['pass2'] == "") {
cust_die("You must confirm the user's password.");
} elseif ($_POST['pass1'] != $_POST['pass2']) {
cust_die("The passwords did not match.");
} else {
$password = escape_string($_POST['pass1']);
}
}
$cryptedpass = md5(md5($password));
// add the user to the database
add_user($username, $cryptedpass, "1", $firstname, $surname, $gender, $email);
$student_id = @query("SELECT `ID` FROM `users` WHERE `username`='{$username}' LIMIT 1") or die("Error getting the student's ID number.");
$student_id = command_result($student_id, 0);
$classes = "";
// add 'em to the student table
for ($i = 1; $i <= number_of_semesters; $i++) {
$classes .= "{$i}\\{";
for ($day = 1; $day <= 5; $day++) {
switch ($day) {
case 1:
$classes .= "Mon";
break;
case 2:
$classes .= "Tue";
break;
case 3:
$classes .= "Wed";
break;
